目录条目 - 帐户有效

时间:2011-04-28 15:52:31

标签: c# asp.net active-directory

我正在尝试实现此处描述的IsActive方法Is Account Active,但我得到的对象引用未设置为该对象的实例。

       private bool IsActive(DirectoryEntry de)
    {
        DirectoryEntry myEntry = GetDirectoryEntry();
        if (myEntry.NativeGuid == null) return false;

        int flags = (int)myEntry.Properties["userAccountControl"].Value;

        if (!Convert.ToBoolean(flags & 0x0002)) return true; else return false;

        return false;
    }
   private void SubmitData()
    {
        System.Guid guid = Guid.NewGuid();
        logInfo.IPaddress = IPAddress;

        if (!String.IsNullOrEmpty(txtUser.Text))
        {
            string username = txtUser.Text.ToString();
            if (IsActive(de) != false)
            {
                if (DateTime.Now.Subtract(passwordLastSet).TotalHours > 1)
                {
                    lblPasswordLastSet.Text = passwordLastSet.ToString();
                    lblStatus.Text = "all is good";
                }
                else
                {
                    lblStatus.Text = "oops, you reset your password less than 24 hours ago!";
                    lblPasswordLastSet.Text = passwordLastSet.ToString();
                }
            }
            else
            {
                lblStatus.Text = "your account is not active";
            }
        }
    }

1 个答案:

答案 0 :(得分:1)

如果您使用的是.NET 3.5及更高版本,则应查看System.DirectoryServices.AccountManagement(S.DS.AM)命名空间。在这里阅读所有相关内容:

Managing Directory Security Principals in the .NET Framework 3.5

基本上,您可以定义域上下文并轻松在AD中查找用户和/或组:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find user by name
UserPrincipal user = UserPrincipal.FindByIdentity("John Doe");

if(user != null)
{
   // check if account is locked out
   if(user.IsAccountLockedOut)
   {
      // do something if locked out....
   }
}

新的S.DS.AM使得在AD中使用用户和群组变得非常容易: